Overview

overview

10

Static

static

5c2da372c8...d0.exe

windows7-x64

9

5c2da372c8...d0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    01-08-2022 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c2da372c8776532c200452f366d1de8c55cc861a6c450168468b3413df173d0.exe

  • Size

    930KB

  • MD5

    4e74a3354afe8632e63645f79f34bc4c

  • SHA1

    9392b8b4ee598a6b0de4651344f7e3513719fa8e

  • SHA256

    5c2da372c8776532c200452f366d1de8c55cc861a6c450168468b3413df173d0

  • SHA512

    a70106f24f304360bac9c6ad2f974821a3d39f233d763f1ae10ac4cec638edadbe509f2c2ce4bcccc662453565b150a7b1b98bb5811dfc31b5af28dc4212f51f

Score
9/10

Malware Config

Signatures

  • NirSoft MailPassView 2 IoCs

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView 2 IoCs

    Password recovery tool for various web browsers

  • Nirsoft 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c2da372c8776532c200452f366d1de8c55cc861a6c450168468b3413df173d0.exe
    "C:\Users\Admin\AppData\Local\Temp\5c2da372c8776532c200452f366d1de8c55cc861a6c450168468b3413df173d0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Users\Admin\AppData\Local\Temp\5c2da372c8776532c200452f366d1de8c55cc861a6c450168468b3413df173d0.exe
      C:\Users\Admin\AppData\Local\Temp\5c2da372c8776532c200452f366d1de8c55cc861a6c450168468b3413df173d0.exe"
      2⤵
      • Suspicious use of UnmapMainImage
      PID:940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/940-58-0x00000000004D13CE-mapping.dmp
    Download
  • memory/940-63-0x0000000000400000-0x0000000000477000-memory.dmp
    Filesize

    476KB

    Download
  • memory/940-66-0x00000000066D0000-0x0000000006760000-memory.dmp
    Filesize

    576KB

    Download
  • memory/940-69-0x0000000077C60000-0x0000000077DE0000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/940-70-0x0000000077C60000-0x0000000077DE0000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/940-71-0x0000000074E30000-0x00000000753DB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/940-72-0x0000000074E30000-0x00000000753DB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/1752-56-0x0000000000390000-0x0000000000397000-memory.dmp
    Filesize

    28KB

    Download
  • memory/1752-57-0x0000000076961000-0x0000000076963000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1752-59-0x0000000077C60000-0x0000000077DE0000-memory.dmp
    Filesize

    1.5MB

    Download